11/14/2018

Your email to our support system could not be accepted because we require you to submit all tickets via our online client support portal. You can do this at the URL below.

Do-Not-Reply@Tele-Asia.NET

You know, the email that I sent was really just a courtesy to let you know a knuckle head was hanging out on your network. I guess you don’t care, even though your abuse address is listed in your whois info. It’s ok, I already blocked the asshole, but now I’m considering blackholing your entire network. Thanks for not giving a shit.

Comments Off on Well, Isn’t That Special?

10/13/2018

I periodically go back through my Fail2Ban reports just to see who’s being naughty or nice. If a host, or a network is being particularly egregious I will send the admins a note/complaint about the behavior. I don’t always do this before I add them to an ipset filter. On my generous days, I give the admin a chance to respond to a complaint. On my not so generous days I might just completely block an entire network, it just depends on the recidivism of the offender.

I sent an email to Cloudflare showing 9 different IP addresses that had been blocked by Spamassassin and subsequently blocked by Fail2Ban. So first, Spamassassin identifies email as spam. Once three such messages are marked from any one host, Fail2Ban will block that host. So there were ~27 attempts to send spam that were blocked by Spamassassin, then by Fail2Ban. I got a response that I didn’t immediately see: <>blockquote>There’s no way the IP could be attempting to SSH into your server through our service. You’re likely either logging the wrong IP, or the IP was spoofed.

What I sent them was,

Hi,

The IP ${IP} has just been banned by Fail2Ban after
3 attempts against spammed.